Technical Support Plan

Environments

We provide multiple deployment options for our products, giving our customers the flexibility to make use of all the product features by choosing the best model that suits your organization's business needs.

Careers

Contact Us

Cyware Daily Threat Intelligence April 26, 2018

Crossrider adware variantA new variant of the Crossrider adware was discovered infecting Mac devices. Researchers have found that this variant uses a unique attack method for maintaining persistence. The malware forced Safari and Chrome browsers to redirect users to chumsearch[dot]com. Unfortunately, this behavior cannot be changed from browser settings.

Metamorfo campaignsA new stream of financial malware campaigns targeting Brazilian companies was discovered. Dubbed Metamorfo, the campaigns abuse legitimate, signed binaries to load the malicious code. The campaigns use phishing emails with links to legitimate domains or compromised domains to distribute itself. Sometimes the URL shortener redirects the user to an online storage site that hosts a malicious ZIP file.

HPE Integrated Lights-Out (iLO 4) targetedThe hard drives of Internet-accessible HPE Integrated Lights-Out (iLO 4) remote management interfaces are being targeted by hackers in order to infect the systems with ransomware and demand a payment in Bitcoin. Users are advised to keep the remote administration tools such as iLO 4 off the internet, to stay safe from such attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Updates for Windows 10Microsoft has released security patches for all supported versions of Windows 10. These patches contain fixes for the Total Meltdown vulnerability, introduced in cumulative updates that were released for Win 7 and Server 2008R2. Microsoft released KB 4078407 as a software side fix for Spectre variant 2.

Critical bug in HikvisionAn authentication bypass flaw was discovered in Hikvision’s hik-connect[.]com. When exploited, this flaw could allow hackers to hijack cameras, DVRs, and accounts. The vulnerability also allows attackers to monitor user devices and make live video and playback from the device. Users would not have the slightest hint that someone else is watching.

Top Breaches Reported in the Last 24 Hours

Sensitive data of Bezop users left openAround 25,000 investors of the Bezop cryptocurrency had their data stolen due to an unsecured MongoDB. Exposed data included names, addresses, encrypted passwords, copies of driver's license and passports, wallet information etc. The organization behind the currency immediately secured the data.

New Jersey school employees lose dataA privacy breach at Irvington Public Schools in New Jersey exposed partial data of 1,200 employees’ Social Security Numbers. The incident occurred after an email was sent with the details to an undetermined number of recipients. The email included names and social security numbers.

Amazon Traffic HijackedMultiple Cloud services of Amazon were hijacked, redirecting users to malicious websites. About 13,000 IP addresses were exploited to carry out this attack. Hackers also directed traffic from MyEtherWallet to a fake page to siphon cryptocurrency off of users. About $27 million worth of cryptocurrency was stolen in this attack.

To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.